package com.huikeportal.controller.common;

import java.io.IOException;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.huikeportal.model.MenuInfo;

/**
 * session过滤器
 * 
 * @author winner
 * 
 */
public class SessionFilter implements Filter {

	public void destroy() {
		// TODO Auto-generated method stub

	}

	@SuppressWarnings("unchecked")
	public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) res;
		response.setHeader("Pragma", "No-cache");
		response.setHeader("Cache-Control", "no-cache");
		response.setDateHeader("Expires", 0);
		// String contextPath = request.getContextPath();
		String uri = request.getRequestURI();
		// 换肤功能
		String cssId = MessageManager.getMsg("cssPath");
		request.getSession().setAttribute("defaultCss", cssId);
		// 用户session
		Object obj = request.getSession().getAttribute("sessionUserName");
		req.setCharacterEncoding("utf-8");
		// // 如果是访问首页
		// if ("/huiKePortal/".equals(uri)) {
		// request.getRequestDispatcher("pageLoad").forward(request, response);
		// return;
		// }
		// 如果是以下地址，不过滤
		if (uri.indexOf("index.jsp") > 0 || uri.indexOf("favicon.ico") > 0
				|| uri.indexOf("validateCode") > 0 || uri.indexOf("login") > 0
				|| uri.indexOf(".css") > 0 || uri.indexOf(".png") > 0
				|| uri.indexOf("metro") > 0 || uri.indexOf("news") > 0
				|| uri.indexOf("about") > 0 || uri.indexOf("index_mobile") > 0
				|| uri.indexOf(".jpg") > 0 || uri.indexOf("login_mobile") > 0
				|| uri.indexOf("huike_") > 0
				|| (uri.indexOf("js/") > 0 || uri.indexOf("logout") > 0)) {
		}
		// 如果没有session
		else if (obj == null) {
			// 如果是ajax请求
			// 使用 request.getHeader("x-requested-with")
			// 为 null，则为传统同步请求
			// 为 XMLHttpRequest，则为 Ajax 异步请求
			if (request.getHeader("x-requested-with") != null
					&& request.getHeader("x-requested-with").equalsIgnoreCase(
							"XMLHttpRequest")) {
				// response.sendError(888);
				// return;
			} else {
				request.getRequestDispatcher("pageLoad").forward(request,
						response);
				// request.getRequestDispatcher("jsp/login.jsp").forward(request,
				// response);
				// response.sendRedirect(contextPath + LOGIN_PAGE_URI);
				return;
			}
		}
		// 如果是访问数据报告
		else {
			// 获取当前登录用户所有的最大菜单权限
			List<MenuInfo> roleMenuList = (List<MenuInfo>) request.getSession()
					.getAttribute("roleMenuList");
			// 获取所有的页面菜单
			List<MenuInfo> allMenuList = (List<MenuInfo>) request.getSession()
					.getAttribute("allMenuList");
			if (allMenuList != null && roleMenuList != null) {
				for (int i = 0; i < allMenuList.size(); i++) {
					// 如果地址是系统菜单的地址
					if (uri.indexOf(allMenuList.get(i).getUrl()) > 0) {
						boolean flag = false;
						for (int j = 0; j < roleMenuList.size(); j++) {
							// 如果地址是当前用户权限内的菜单地址
							if (uri.indexOf(roleMenuList.get(j).getUrl()) > 0) {
								flag = true;
								break;
							}
						}
						if (!flag) {
							request.getRequestDispatcher("pageLoad").forward(
									request, response);
							return;
						}
					}
				}
			}
		}
		fc.doFilter(request, response);
	}

	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
	}

}
